I have just started looking into Ansible and have built a server on CentOS 7. I generally don't run anything as root so I created an ansible account and group and chown -R ansible:ansible /etc/ansible.
I assumed that this would be OK, but as I start experimenting with commands, it does not seem to use sudo the way I had expected.

As expected, this fails because the ansible user does not have access to read /etc/shadow.

    -sh-4.2$ ansible localhost -a '/bin/cat /etc/shadow'
    localhost | FAILED | rc=1 >>
    /bin/cat: /etc/shadow: Permission denied

When I try -b and --become-user root, I get this.

    -sh-4.2$ ansible localhost -a '/bin/cat /etc/shadow' -b --become-user root
    localhost | FAILED | rc=0 >>
    MODULE FAILURE

/var/log/secure shows the following.

    Sep 13 11:39:43 ansible sudo: servacct_ansible : TTY=pts/3 ; PWD=/home/servacct_ansible ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-jjadcdyvpoluzchkhvkophnzqvhoxrcz; LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 LC_MESSAGES=en_US.UTF-8 /usr/bin/python /home/servacct_ansible/.ansible/tmp/ansible-tmp-1473784783.91-193737108086693/command; rm -rf "/home/servacct_ansible/.ansible/tmp/ansible-tmp-1473784783.91-193737108086693/" > /dev/null 2>&

Am I using --become-user incorrectly?
